Access Control for RDF stores (AC4RDF)

Current RDF repositories support access control at the repository level: access to the whole repository is either allowed or denied. With AC4RDF (Access Control For RDF), REWERSE working group I2 and we have developed a security layer on top of existing RDF stores such as Sesame that provides fine-grained access control at the RDF statement level.
This is achieved by evaluating policies, which define who is allowed or disallowed to access which RDF data in a given repository, and under which circumstances. These policies are defined by the owner of the RDF data (e.g. by using the Policy Editor of the Personal Reader Framework) to specify access to single RDF statements or (sub)graphs of the RDF data that is stored in the repository.

For a given query to the RDF repository, the Access Control Layer identifies the user/agent that sent the query and uses a policy engine (see Protune) to select the policies that affect the requested RDF statements and are applicable to that user/agent.
AC4RDF then rewrites the query to respect all of these policies, so that the rewritten query yields only RDF data from the repository that the user/agent has access to according to the defined policies. The modular architecture of AC4RDF makes it usable on a wide range of RDF repositories.
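
The rewriting step described above, as a small added sketch that is not AC4RDF's own code: the policy tuple format, the default-deny and deny-overrides rules, and every function name are assumptions, and policy selection is a plain pattern match standing in for the Protune engine.

```python
# Added illustration, not AC4RDF code. Policy format, default deny and
# deny-overrides are assumptions; all data below is constructed.
STORE = [("alice", "foaf:name", "Alice"),
         ("alice", "foaf:mbox", "alice@example.org"),
         ("alice", "foaf:knows", "bob"),
         ("bob", "foaf:name", "Bob"),
         ("bob", "foaf:mbox", "bob@example.org")]
# (agents, effect, statement pattern): None is a wildcard, "*" is any agent.
POLICIES = [({"*"}, "allow", (None, "foaf:name", None)),
            ({"*"}, "allow", (None, "foaf:knows", None)),
            ({"bob"}, "allow", ("alice", "foaf:mbox", None)),
            ({"bob"}, "deny", (None, "foaf:knows", None))]

def is_var(term):
    return isinstance(term, str) and term.startswith("?")

def matches(policy_pat, stmt):
    return all(p is None or p == s for p, s in zip(policy_pat, stmt))

def overlaps(policy_pat, query_pat):
    """Could the policy cover a statement that the query pattern can match?"""
    return all(p is None or is_var(q) or p == q for p, q in zip(policy_pat, query_pat))

def unify(pat, stmt, binding):
    """Extend binding so pat equals stmt, or return None on a mismatch."""
    new = dict(binding)
    for term, value in zip(pat, stmt):
        if (new.setdefault(term, value) if is_var(term) else term) != value:
            return None
    return new

def rewrite(query, agent):
    """Attach to each triple pattern the allow/deny guards that apply to agent."""
    hits = [(e, p) for agents, e, p in POLICIES if agent in agents or "*" in agents]
    return [(pat,
             [p for e, p in hits if e == "allow" and overlaps(p, pat)],
             [p for e, p in hits if e == "deny" and overlaps(p, pat)])
            for pat in query]

def evaluate(rewritten, store=STORE):
    """Run the guarded query: a statement is visible if allowed and not denied."""
    solutions = [{}]
    for pat, allow, deny in rewritten:
        visible = [s for s in store if any(matches(a, s) for a in allow)
                   and not any(matches(d, s) for d in deny)]
        solutions = [b for old in solutions for s in visible
                     if (b := unify(pat, s, old)) is not None]
    return solutions
```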